Features Install Pipeline Integrations Compare Docs
Open Source · MIT License · v3.3

Stop vibe coding.
Start spec coding.

The complete SDD plugin that keeps your requirements, code, and tests in sync. 13 agents, 57 MCP tools, 22 prompts, 14 hooks, 10-phase enforced pipeline, six compliance frameworks.
One install, everything works.

Created by Paula Silva · @paulasilvatech · @paulanunes85

Install Now GitHub npm
13
Agents
57
MCP Tools
10
Phases
22
Prompts
14
Hooks
SPECIFICATION.md — .specs/001-auth — Visual Studio Code
🔍
S
Explorer
▾ 📁 .specs
▾ 📁 001-auth
📄 SPECIFICATION.md
📄 DESIGN.md
📄 TASKS.md
Specky
⚡ Phase 02 · Specify
12 EARS requirements
SPECIFICATION.md
1# User Authentication — Specification
2
3## RequirementsEARS
4
5WHEN user submits valid credentials
6THE SYSTEM SHALL authenticate within 200ms
7
8WHEN 3 consecutive failures occur
9THE SYSTEM SHALL lock account for 15 min
10
11WHEN session token expires
12THE SYSTEM SHALL redirect to /login
13
⎇ main ⚡ Specky: Phase 02 · Specify
Ln 13, Col 42 Markdown UTF-8

Specky running inside VS Code · GitHub Copilot Agent Mode · EARS notation, enforced pipeline

Plugins
What is a Plugin?
A plugin is an organized collection of agents, prompts, skills, hooks, and MCP servers packaged as a single installable unit. Plugins are the enterprise best practice for AI-assisted development — they solve standardization, security, and productivity at scale.
📦 Plugin = Namespace

Encapsulates multiple related components for distribution and reuse across environments. One install, one version lock, one rollback path.

💡 Why this matters

Plugins are the enterprise best practice because they package complete solutions for distribution and reuse. Instead of each developer improvising, the team shares a governed, versioned, and auditable development workflow.

🏛️

Governance & Compliance

Encapsulate approved commands and workflows. Security policies restrict what the AI agent can do, ensuring only homologated APIs and tools are used.

🧠

Shared Knowledge

Senior engineers codify project expertise into skills and hooks. New team members get the full context automatically — tribal knowledge lives in the repo, not in people's heads.

🔌

MCP Interoperability

Built on the open Model Context Protocol standard. Connect to databases, Slack, Jira, GitHub, Azure DevOps — no vendor lock-in, real-time context from every source.

🔄

Lifecycle & CI/CD

Versioned with a lock file. Test, update, and roll back independently. apm install ensures every team member runs the exact same configuration.

🤖

13 Agents

Specialized AI personas — @specky-orchestrator coordinates the full pipeline, @specky-onboarding guides setup, plus 11 more for every phase.

📦

APM Distribution

Install via APM (Agent Package Manager) from Microsoft. Install APM first, then apm install paulasilvatech/specky — 13 agents, 22 prompts, 8 skills, 14 hooks.

Why Specky
Your specs should live next to your code
An orchestrated plugin where agents, prompts, skills, and hooks work together to enforce your pipeline.
🧩

Complete Plugin

13 agents orchestrate the pipeline, 22 prompts for every phase, 8 skills with domain knowledge, 14 hooks guard transitions. One install.

🛡️

Six Compliance Frameworks

HIPAA, SOC 2, GDPR, PCI DSS, ISO 27001. Validate specs against regulatory controls before writing code.

🔒

Nothing Leaves Your Machine

Zero outbound calls. Two dependencies. No eval(). Works fully offline and in air-gapped environments.

🔀

MCP to MCP Routing

Push to GitHub, Terraform, Docker, Jira, Azure DevOps, Figma. Specky generates payloads, your client delivers.

📐

EARS Notation

Six patterns that guarantee every requirement is testable, traceable, and unambiguous.

🤖

14 Automation Hooks

Artifact validation, branch checks, phase gates, LGTM gates, security scan, spec sync, drift monitor. Pre and post on every phase.

Get Started
Install the plugin in 60 seconds
One command installs 13 agents, 22 prompts, 8 skills, 14 hooks, and configures the MCP engine. No signup. No new IDE.

  1. Install the Specky plugin via APM

    One command installs the MCP server, 13 agents, 22 prompts, 8 skills, and 14 hooks.

Terminal 
# Install APM (one-time) — pick one:
$ curl -sSL https://aka.ms/apm-unix | sh        # macOS / Linux
$ brew install microsoft/apm/apm                 # Homebrew
$ irm https://aka.ms/apm-windows | iex           # Windows PowerShell

# Then install Specky:
$ apm install paulasilvatech/specky
💡

Everything is auto-configured. APM creates .vscode/mcp.json, installs agents, prompts, skills, and hooks automatically.

  1. Use Specky's 13 agents and 22 prompts

    Open Copilot Chat → Agent mode → type @specky-onboarding, @specky-orchestrator, @sdd-init, @implementer, or use prompts like /specky-onboarding.

  2. Initialize your first spec

    In Copilot Chat (Agent mode), type:

Copilot Chat — Agent Mode 
@sdd-init initialize spec for user authentication
💡

Tip: Specky auto-detects your stack (TypeScript, Python, Java, Go…) and applies the right EARS patterns. No configuration needed for most projects. Full docs →

  1. Install the Specky plugin via APM

    One command installs the MCP server, agents, prompts, skills, and hooks for Claude Code.

Terminal 
# Install APM (one-time) — pick one:
$ curl -sSL https://aka.ms/apm-unix | sh        # macOS / Linux
$ brew install microsoft/apm/apm                 # Homebrew
$ irm https://aka.ms/apm-windows | iex           # Windows PowerShell

# Then install Specky:
$ apm install paulasilvatech/specky
💡

Everything is auto-configured. APM sets up the MCP server and slash commands automatically.

  1. Use slash commands in Claude Code

    Specky adds 22 prompts. Start with:

Claude Code CLI 
/sdd:spec write a spec for user auth
/sdd:design design the auth architecture
/sdd:review check traceability
💡

All 12 commands: /sdd:spec /sdd:design /sdd:tasks /sdd:implement /sdd:test /sdd:review /sdd:comply /sdd:diagram /sdd:sync /sdd:gate /sdd:changelog /sdd:report

  1. Install the Specky plugin via APM

    One command installs the MCP server, agents, prompts, skills, and hooks for Cursor and Windsurf.

Terminal 
# Install APM (one-time) — pick one:
$ curl -sSL https://aka.ms/apm-unix | sh        # macOS / Linux
$ brew install microsoft/apm/apm                 # Homebrew
$ irm https://aka.ms/apm-windows | iex           # Windows PowerShell

# Then install Specky:
$ apm install paulasilvatech/specky
💡

Everything is auto-configured. APM sets up the MCP server automatically. Works with any MCP-compatible IDE.

  1. Use Specky's 57 tools via natural language

    Ask your AI assistant: "Use specky to write a spec for [feature]" or call tools directly from the MCP panel.

  1. Install the Specky plugin via APM

    One command installs the MCP server, agents, prompts, skills, and hooks for VS Code.

Terminal 
# Install APM (one-time) — pick one:
$ curl -sSL https://aka.ms/apm-unix | sh        # macOS / Linux
$ brew install microsoft/apm/apm                 # Homebrew
$ irm https://aka.ms/apm-windows | iex           # Windows PowerShell

# Then install Specky:
$ apm install paulasilvatech/specky
💡

Everything is auto-configured. APM creates .vscode/mcp.json automatically. Requires VS Code 1.99+ with GitHub Copilot extension.

  1. Verify installation

    Open Copilot Chat → Agent mode → type @specky list tools to confirm 57 tools are registered.

🔒

Air-gapped mode: Specky makes zero outbound network calls. It runs entirely on localhost via stdio. No telemetry, no cloud sync, no external dependencies beyond Node.js.

  1. Download the package tarball on a connected machine

Terminal (internet-connected machine) 
$ npm pack specky-sdd
# produces: specky-sdd-3.3.0.tgz

  1. Transfer to air-gapped machine and install locally

Terminal (air-gapped machine) 
$ npm install -g ./specky-sdd-3.3.0.tgz

  1. Configure your MCP host as usual

    The stdio transport works identically on air-gapped machines. Use the same mcp.json config as any other environment.

  2. Compliance frameworks work fully offline

    HIPAA, SOC 2, GDPR, PCI DSS, ISO 27001 validation runs locally against bundled rule sets — no external validation service required.

🛡️

Enterprise security features (RBAC, rate limiting, HMAC-SHA256 integrity, audit log with syslog export) are available as of v3.3.0. See Security docs →

📦

What is APM? APM (Agent Package Manager) is Microsoft's open-source dependency manager for AI agent configuration. It manages agents, skills, prompts, hooks, and MCP servers as versioned packages with lock files. Install APM first, then run apm install paulasilvatech/specky.

10-Phase Pipeline
Enforced. Not suggested.
Every feature follows the same 10 phases. Gates prevent skipping steps. Each phase has model hints to get the best output from your AI assistant.
Phase 01
🔍

Discovery

Auto-scan codebase, detect stack, map existing patterns

Reasoning model
Phase 02
📋

Specify

EARS notation requirements — 6 patterns, fully testable

GPT-4o / Sonnet
Phase 03
🏗️

Design

Architecture, components, interfaces, 17 diagram types

o3 / Opus
Phase 04

Validate

Traceability matrix — every requirement linked to design

GPT-4o / Sonnet
Phase 05
📝

Plan Tasks

Sequenced task list with [P] parallel markers & gates

o3 / Opus
Phases 1–5 complete · Gate check passed · Continuing
Phase 06
⚙️

Implement

Code generation guided by spec, SRP enforced per file

GPT-4o / Sonnet
Phase 07
🧪

Test

Tests for 6 frameworks — unit, integration, e2e, property

GPT-4o / Sonnet
Phase 08
🔐

Secure

OWASP Top 10 scan, compliance framework validation

o3 / Opus
Phase 09
📚

Document

API docs, ADR, changelog, runbooks auto-generated

GPT-4o / Sonnet
Phase 10
🚀

Release Gate

Branch-aware PR (spec→develop→stage→main), blocking gates, sign-off

Reasoning model
IDE Integrations
One plugin, every IDE
Specky is a plugin, not a standalone tool. It enhances your existing AI IDE with 13 agents, 22 prompts, and 57 MCP tools — all working together.
🧠

GitHub Copilot

13 agents + 22 prompts

@specky-onboarding @specky-orchestrator @sdd-init +10

Claude Code

22 prompts + hooks

/specky-onboarding /specky-greenfield +20
🎯

Cursor / Windsurf

57 tools via MCP

stdio transport
🌐

Any MCP Host

stdio + HTTP transport

Future proof
Feature Comparison
How Specky compares
Side-by-side against the tools developers actually evaluate.
Feature Specky Kiro (AWS) Cursor Windsurf Antigravity
Architecture & Deployment
What it is SDD Plugin IDE (VS Code fork) IDE (VS Code fork) IDE (VS Code fork) IDE (Cloud+Desktop)
Runs 100% locally ✓ Yes ~ IDE local, AI cloud ~ IDE local, AI cloud ~ IDE local, AI cloud ✗ Cloud-processed
Air-gapped / offline ✓ Full ✗ No ~ Enterprise only ~ Self-hosted ✗ No
Open source (MIT) ✓ MIT ✗ Proprietary ✗ Proprietary ✗ Proprietary ✗ Proprietary
Works in any IDE ✓ Any MCP host ✗ Kiro only ✗ Cursor only ✗ Windsurf only ✗ Antigravity only
Spec-Driven Workflow
Enforced pipeline phases ✓ 10 phases ~ 3 phases ✗ None ✗ None ✗ None
EARS notation requirements ✓ 6 patterns ~ Basic EARS ✗ No ✗ No ✗ No
Traceability matrix ✓ Automated ~ Manual ✗ No ✗ No ✗ No
Spec-sync hooks ✓ 14 hooks ~ 3 event types ✗ No ✗ No ✗ No
Autonomous agents ✓ 13 agents ~ 1 agent ~ 1 (Composer) ~ 1 (Cascade) ~ 16 agents
Compliance & Security
Compliance frameworks ✓ 6 built-in ✗ No ✗ No ~ SOC2/HIPAA ✗ No certs
OWASP scan in pipeline ✓ Phase 08 ✗ No ~ MCP add-on ✗ No ✗ No
RBAC + audit log ✓ Built-in ~ AWS IAM ~ Enterprise ~ Enterprise ✗ No
IDE & Tooling
MCP tools ✓ 57 tools ~ MCP support ~ MCP marketplace ~ MCP support ~ 1,500+ catalog
Diagram generation ✓ 17 types ~ Sequence only ✗ No native ✗ No native ~ Visual verify
IaC generation ✓ Terraform, Bicep, Docker ✗ No ~ Prompt-based ~ Prompt-based ~ Prompt-based
Pricing
Cost ✓ Free · MIT Free–$200/mo Free–$200/mo Free–$60/mo Free–$250/mo
What makes it different
Built different on purpose
Designed around what matters when shipping production software.

Open source, MIT license

Fork it, extend it, audit it. No vendor lock, no seat pricing.

10 enforced pipeline phases

Not suggestions. Actual gates that prevent skipping steps.

Works in any MCP host

No proprietary IDE. Use VS Code, Copilot, Claude Code, Cursor, or any MCP-compatible client.

Fully offline capable

Code never leaves your machine. Air-gapped environments fully supported.

17 diagram types

Sequence, class, ERD, state, C4, deployment and more from your specs.

Tests for 6 frameworks

Vitest, Jest, Playwright, Pytest, JUnit, xUnit. Plus property-based testing.

Infrastructure as Code

Terraform, Bicep, Dockerfiles generated from your design docs.

6 compliance frameworks

HIPAA, SOC 2, GDPR, PCI DSS, ISO 27001. Validate before you code.

Enterprise security (v3.3.0)

Opt-in RBAC, token-bucket rate limiting, HMAC-SHA256 state integrity, hash-chained audit log with syslog export.

Specky

Spec it before you ship it.

Install in 60 seconds. No signup. No new IDE.

Install Now GitHub
GitHub npm Docs EARS Guide Contribute MIT License
Created by Paula Silva · @paulasilvatech · @paulanunes85